From 530608bbdc11012fdc8340508c30360088283901 Mon Sep 17 00:00:00 2001 From: avoidr Date: Sat, 2 Apr 2016 18:38:37 +0200 Subject: add cmus.profile --- etc/cmus.profile | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 etc/cmus.profile diff --git a/etc/cmus.profile b/etc/cmus.profile new file mode 100644 index 000000000..0eccfb2f0 --- /dev/null +++ b/etc/cmus.profile @@ -0,0 +1,17 @@ +noblacklist {HOME}/.config/cmus + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +seccomp +protocol unix,inet,inet6 +netfilter +noroot + +private-bin cmus +private-etc group +shell none +noroot -- cgit v1.2.3-54-g00ecf From 57fef7b4129714eb015131113b5d6f4a179c9f51 Mon Sep 17 00:00:00 2001 From: avoidr Date: Sat, 2 Apr 2016 21:38:47 +0200 Subject: add profile header comment --- etc/cmus.profile | 1 + 1 file changed, 1 insertion(+) diff --git a/etc/cmus.profile b/etc/cmus.profile index 0eccfb2f0..d06d8a9d4 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile @@ -1,3 +1,4 @@ +# cmus profile noblacklist {HOME}/.config/cmus include /etc/firejail/disable-common.inc -- cgit v1.2.3-54-g00ecf From eef6be4110c86624ec8e7ca26cd38343bdb9d089 Mon Sep 17 00:00:00 2001 From: avoidr Date: Sat, 2 Apr 2016 22:05:08 +0200 Subject: edit Makefile.in, conffiles --- Makefile.in | 1 + platform/debian/conffiles | 1 + 2 files changed, 2 insertions(+) diff --git a/Makefile.in b/Makefile.in index c9e2e54f8..581402283 100644 --- a/Makefile.in +++ b/Makefile.in @@ -158,6 +158,7 @@ realinstall: install -c -m 0644 .etc/ssh.profile $(DESTDIR)/$(sysconfdir)/firejail/. install -c -m 0644 .etc/openbox.profile $(DESTDIR)/$(sysconfdir)/firejail/. install -c -m 0644 .etc/dillo.profile $(DESTDIR)/$(sysconfdir)/firejail/. + install -c -m 0644 .etc/cmus.profile $(DESTDIR)/$(sysconfdir)/firejail/. sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" rm -fr .etc diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 4137f247d..aef20ed1f 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles @@ -78,3 +78,4 @@ /etc/firejail/disable-programs.inc /etc/firejail/disable-passwdmgr.inc /etc/firejail/dillo.profile +/etc/firejail/cmus.profile -- cgit v1.2.3-54-g00ecf From 2e8919c9d33f46f876394f116f5fa150a9360b85 Mon Sep 17 00:00:00 2001 From: avoidr Date: Sat, 2 Apr 2016 22:05:54 +0200 Subject: edit README{.md,} --- README | 1 + README.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README b/README index b672a4ab8..c242faa85 100644 --- a/README +++ b/README @@ -99,6 +99,7 @@ avoidr (https://github.com/avoidr) - blacklist ncat, manpage fixes, - hostname support in profile file - Google Chrome profile rework + - added cmus profile Bruno Nova (https://github.com/brunonova) - whitelist fix - bash arguments fix diff --git a/README.md b/README.md index bcf0ab771..d5e3f8b7d 100644 --- a/README.md +++ b/README.md @@ -283,5 +283,5 @@ $ man firejail-profile ## New security profiles lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, -OpenSSH client, OpenBox window manager, Dillo. +OpenSSH client, OpenBox window manager, Dillo, cmus. -- cgit v1.2.3-54-g00ecf From ffce3aad6a0492be48c8caaaa7a2cb47a908164d Mon Sep 17 00:00:00 2001 From: avoidr Date: Sat, 2 Apr 2016 22:10:56 +0200 Subject: fix cmus.profile --- etc/cmus.profile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/cmus.profile b/etc/cmus.profile index d06d8a9d4..bfefd3100 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile @@ -1,5 +1,5 @@ # cmus profile -noblacklist {HOME}/.config/cmus +noblacklist ${HOME}/.config/cmus include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc -- cgit v1.2.3-54-g00ecf